In article <555B8313.5080400@netassist.ua> you write:
How much false positives (i.e. blackholing traffic users want to reach)?
Very little. The DROP list, which is what's in the BGP feed, is a small subset of the SBL, and only includes blocks that send no legitimate traffic at all.
On 18.05.15 21:04, Marco d'Itri wrote:
On May 17, Mike Lyon <mike.lyon@gmail.com> wrote:
Any ISPs out there (big or small) ever used the Spamhaus BGP feed to prevent against botnet, spam, etc? If so, how has your experience been? Is it worthwhile? Has it helped? On / off list responses are appreciated in advance. We use Spamhaus DROP (not the BGP version: our software asks a human to review each change). The benefits are not obvious since we do not have access customers, but it will blackhole some networks you obviously do not want to talk to, and it has not caused any troubles either.